提取p12内容,检查p12状态
改接口只是检查P12状态,获取P12内容逻辑如下:
导入头文件
#include "pkcs12.h"
#include "p12checker.h"
- (void)readP12:(NSString *)p12_path pwd:(NSString *)pwd {
PKCS12 *p12 = NULL;
X509* usrCert = NULL;
EVP_PKEY* pkey = NULL;
STACK_OF(X509)* ca = NULL;
char* password = (char*)[pwd cStringUsingEncoding:NSUTF8StringEncoding];
BIO*bio = NULL;
char* p = NULL;
bio = BIO_new_file([p12_path UTF8String], "r");
p12 = d2i_PKCS12_bio(bio, NULL); //得到p12结构
BIO_free_all(bio);
PKCS12_parse(p12, password, &pkey, &usrCert, &ca); //得到x509结构
if (usrCert)
{
fprintf(stdout, "Subject:");
p = X509_NAME_oneline(X509_get_subject_name(usrCert), NULL, 0);
//读取证书内容
NSDictionary* subject = [self readSubjectFormX509:p];
NSString* country = subject[@"U"];
NSString* name = subject[@"CN"];
NSString* organization = subject[@"O"];
NSString* organization_unit = subject[@"OU"];
NSString* user_ID = subject[@"UID"];
NSString* country = subject[@"C"];
ASN1_TIME* before = X509_get_notBefore(usrCert);
long start_time = [self readRealTimeForX509:(char *)before->data];
ASN1_TIME* after = X509_get_notAfter(usrCert);
long expire_time = [self readRealTimeForX509:(char *)after->data];
dispatch_async(dispatch_get_global_queue(0, 0), ^{
//9月之后苹果新增G3类型的根证书,这里需要区分
bool g3 = [self isG3ForX509:usrCert];
bool revoked = isP12Revoked(usrCert, g3);
});
}
- (long )readRealTimeForX509:(char *)x509data{
NSString* x509TimeString = [NSString stringWithUTF8String:x509data];
if (x509TimeString.length<12) {
return 0;
}
NSString* start_time = [NSString stringWithFormat:@"20%@-%@-%@ %@:%@:%@",[x509TimeString substringWithRange:NSMakeRange(0, 2)], [x509TimeString substringWithRange:NSMakeRange(2, 2)], [x509TimeString substringWithRange:NSMakeRange(4, 2)], [x509TimeString substringWithRange:NSMakeRange(6, 2)], [x509TimeString substringWithRange:NSMakeRange(8, 2)], [x509TimeString substringWithRange:NSMakeRange(10, 2)]];
long timeLong = [NSDate getDateLongWithDateStr:start_time];
return timeLong+8*60*60;
}
- (NSDictionary *)readSubjectFormX509:(char *)x509data{
NSMutableDictionary* mdic = [NSMutableDictionary dictionary];
NSString* x509String = [NSString stringWithUTF8String:x509data];
NSArray* objs = [x509String componentsSeparatedByString:@"/"];
for (NSString* obj in objs) {
NSArray* content = [obj componentsSeparatedByString:@"="];
if (content.count == 2) {
NSDictionary* dic = @{content.firstObject:content.lastObject};
[mdic addEntriesFromDictionary:dic];
}
}
return mdic.copy;
}
- (bool)isG3ForX509:(X509*)usrCert{
X509_NAME* name = X509_get_issuer_name(usrCert);
const unsigned char* der = NULL;
size_t leng;
X509_NAME_get0_der(name, &der, &leng);
const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, 2);
ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(ne);
ASN1_STRING *asn1_data = X509_NAME_ENTRY_get_data(ne);
bool g3 = strcmp((char *)asn1_data->data, "G3") == 0; //Apple Worldwide Developer Relations
return g3;
}